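/**
 * Dispatch the user-authentication web actions selected by $this->action:
 * 'login_post', 'resend' (activation mail), 'recover'/'recover_post'
 * (request a reset link), 'forgot'/'forgot_post' (set a new password) and
 * the login form itself (default).
 *
 * Every branch ends in redirectTo() or doView(). The code relies on
 * redirectTo() ending the request after an error -- assumed from how the
 * original branches are written, TODO confirm against the base controller.
 */
function doModel() {
    switch ($this->action) {
        case 'login_post': // post execution for the login
            if (!osc_users_enabled()) {
                osc_add_flash_error_message(_m('Users are not enabled'));
                $this->redirectTo(osc_base_url());
            }
            osc_csrf_check();
            osc_run_hook('before_validating_login');
            // e-mail or/and password is/are empty or incorrect
            $wrongCredentials = false;
            $email = Params::getParam('email');
            $password = Params::getParam('password', false, false);
            if ($email == '') {
                osc_add_flash_error_message(_m('Please provide an email address'));
                $wrongCredentials = true;
            }
            if ($password == '') {
                osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password'));
                $wrongCredentials = true;
            }
            if ($wrongCredentials) {
                $this->redirectTo(osc_user_login_url());
            }
            // The login field accepts either an e-mail address or a username.
            $user = null;
            if (osc_validate_email($email)) {
                $user = User::newInstance()->findByEmail($email);
            }
            if (empty($user)) {
                $user = User::newInstance()->findByUsername($email);
            }
            if (empty($user)) {
                osc_add_flash_error_message(_m("The user doesn't exist"));
                $this->redirectTo(osc_user_login_url());
            }
            // Explicit isset() instead of the former @-suppressed read of s_password.
            $storedHash = isset($user['s_password']) ? $user['s_password'] : '';
            if (!osc_verify_password($password, $storedHash)) {
                osc_add_flash_error_message(_m('The password is incorrect'));
                $this->redirectTo(osc_user_login_url());
                // @TODO if valid user, send email parameter back to the login form
            } elseif ($storedHash != '') {
                // On a successful login, re-hash the password when the stored hash
                // is not bcrypt ($2y$) or was produced with a cost other than BCRYPT_COST.
                $needsRehash = true;
                if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $storedHash, $cost)) {
                    $needsRehash = ($cost[1] != BCRYPT_COST);
                }
                if ($needsRehash) {
                    User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
                }
            }
            // e-mail or/and IP is/are banned
            // int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned
            $banned = osc_is_banned($email);
            if ($banned & 1) {
                osc_add_flash_error_message(_m('Your current email is not allowed'));
            }
            if ($banned & 2) {
                osc_add_flash_error_message(_m('Your current IP is not allowed'));
            }
            if ($banned !== 0) {
                $this->redirectTo(osc_user_login_url());
            }
            osc_run_hook('before_login');
            // Post-login destination: the referer, unless (with rewriting enabled)
            // it maps to the login page or to no page at all, in which case the
            // dashboard is used instead.
            $url_redirect = osc_get_http_referer();
            $page_redirect = '';
            if (osc_rewrite_enabled() && $url_redirect != '') {
                // preg_quote(): the base URL is data, not a pattern
                $request_uri = urldecode(preg_replace('@^' . preg_quote(osc_base_url(), '@') . '@', "", $url_redirect));
                $tmp_ar = explode("?", $request_uri);
                $request_uri = $tmp_ar[0];
                $rules = Rewrite::newInstance()->listRules();
                foreach ($rules as $match => $uri) {
                    if (preg_match('#' . $match . '#', $request_uri)) {
                        $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
                        if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) {
                            $page_redirect = $match[2];
                            if ($page_redirect == '' || $page_redirect == 'login') {
                                $url_redirect = osc_user_dashboard_url();
                            }
                        }
                        break;
                    }
                }
            }
            require_once LIB_PATH . 'osclass/UserActions.php';
            $uActions = new UserActions(false);
            // bootstrap_login() result codes, as handled below:
            // 0 no such user, 1 not validated yet, 2 suspended, 3 logged in
            $logged = $uActions->bootstrap_login($user['pk_i_id']);
            if ($logged == 0) {
                osc_add_flash_error_message(_m("The user doesn't exist"));
            } elseif ($logged == 1) {
                // EACH 20 MINUTES: the re-send link is only offered once the
                // previous activation mail is older than 20 minutes
                if (time() - strtotime($user['dt_access_date']) > 1200) {
                    osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email'])));
                } else {
                    osc_add_flash_error_message(_m('The user has not been validated yet'));
                }
            } elseif ($logged == 2) {
                osc_add_flash_error_message(_m('The user has been suspended'));
            } elseif ($logged == 3) {
                if (Params::getParam('remember') == 1) {
                    // this include contains the osc_genRandomPassword function
                    require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                    // "remember me": a fresh secret is stored on the user row and
                    // sent back in the cookie next to the user id
                    $secret = osc_genRandomPassword();
                    User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
                    Cookie::newInstance()->set_expires(osc_time_cookie());
                    Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
                    Cookie::newInstance()->push('oc_userSecret', $secret);
                    Cookie::newInstance()->set();
                }
                if ($url_redirect == '') {
                    $url_redirect = osc_user_dashboard_url();
                }
                osc_run_hook("after_login", $user, $url_redirect);
                $this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect));
            } else {
                osc_add_flash_error_message(_m('This should never happen'));
            }
            // Any non-successful outcome lands back on the login form
            // (previously two consecutive redirects to the same URL).
            $this->redirectTo(osc_user_login_url());
            break;
        case 'resend':
            $id = Params::getParam('id');
            $email = Params::getParam('email');
            $user = User::newInstance()->findByPrimaryKey($id);
            // The link is only honoured for an existing, still-unactivated account
            // whose e-mail matches the one in the link. empty() also catches a
            // false/null lookup result, which isset() did not.
            if ($id == '' || $email == '' || empty($user) || $user['b_active'] == 1 || $email != $user['s_email']) {
                osc_add_flash_error_message(_m('Incorrect link'));
                $this->redirectTo(osc_user_login_url());
            }
            if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES
                if (osc_notify_new_user()) {
                    osc_run_hook('hook_email_admin_new_user', $user);
                }
                if (osc_user_validation_enabled()) {
                    osc_run_hook('hook_email_user_validation', $user, $user);
                }
                // dt_access_date doubles as the "last activation mail sent" timestamp
                User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id']));
                osc_add_flash_ok_message(_m('Validation email re-sent'));
            } else {
                osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again'));
            }
            $this->redirectTo(osc_user_login_url());
            break;
        case 'recover': // form to recover the password (in this case we have the form in /gui/)
            $this->doView('user-recover.php');
            break;
        case 'recover_post': // post execution to recover the password
            osc_csrf_check();
            require_once LIB_PATH . 'osclass/UserActions.php';
            // e-mail is incorrect -- same validator as 'login_post'; the previous
            // hand-written regex rejected any TLD longer than three letters.
            if (!osc_validate_email(Params::getParam('s_email'))) {
                osc_add_flash_error_message(_m('Invalid email address'));
                $this->redirectTo(osc_recover_user_password_url());
            }
            $userActions = new UserActions(false);
            // recover_password() reads the request itself; 0 ok, 1 unknown e-mail, 2 recaptcha failed
            $success = $userActions->recover_password();
            switch ($success) {
                case 0: // recover ok
                    osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
                    $this->redirectTo(osc_base_url());
                    break;
                case 1: // e-mail does not exist
                    // NOTE(review): this message tells the requester whether the
                    // address is registered; a uniform response would avoid that.
                    osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
                    $this->redirectTo(osc_recover_user_password_url());
                    break;
                case 2: // recaptcha wrong
                    osc_add_flash_error_message(_m('The recaptcha code is wrong'));
                    $this->redirectTo(osc_recover_user_password_url());
                    break;
            }
            break;
        case 'forgot': // form to recover the password (in this case we have the form in /gui/)
            $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
            if ($user) {
                $this->doView('user-forgot_password.php');
            } else {
                osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                $this->redirectTo(osc_base_url());
            }
            break;
        case 'forgot_post':
            osc_csrf_check();
            $newPassword = Params::getParam('new_password', false, false);
            $newPassword2 = Params::getParam('new_password2', false, false);
            $confirmUrl = osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'));
            if ($newPassword == '' || $newPassword2 == '') {
                osc_add_flash_warning_message(_m('Password cannot be blank'));
                $this->redirectTo($confirmUrl);
            }
            // findByIdPasswordSecret() yields a falsy value for an unknown id/code pair;
            // check it before reading b_enabled (the old code indexed into false).
            $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
            if (!empty($user) && $user['b_enabled'] == 1) {
                // === : loose == would accept "1e3" as confirmation of "1000"
                if ($newPassword === $newPassword2) {
                    // Rotate the reset code and zero its date so the same link no
                    // longer matches, and record the requesting IP.
                    User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => Params::getServerParam('REMOTE_ADDR'), 's_password' => osc_hash_password($newPassword)), array('pk_i_id' => $user['pk_i_id']));
                    osc_add_flash_ok_message(_m('The password has been changed'));
                    $this->redirectTo(osc_user_login_url());
                } else {
                    osc_add_flash_error_message(_m("Error, the password don't match"));
                    $this->redirectTo($confirmUrl);
                }
            } else {
                osc_add_flash_error_message(_m('Sorry, the link is not valid'));
            }
            $this->redirectTo(osc_base_url());
            break;
        default: // login form
            Session::newInstance()->_setReferer(osc_get_http_referer());
            if (osc_logged_user_id() != '') {
                $this->redirectTo(osc_user_dashboard_url());
            }
            $this->doView('user-login.php');
    }
}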
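/**
 * Create a user account from the current request (s_email, s_password,
 * s_password2 and the optional s_info[] description fields).
 *
 * Returns an int status: 1 created and awaiting e-mail validation,
 * 2 created and activated, 3 e-mail already registered, 4 reCAPTCHA failed,
 * 5 invalid e-mail, 6 empty password, 7 passwords do not match.
 * Checks run in that order; the first failure is returned.
 */
function add() {
    // reCAPTCHA is enforced only for public (non-admin) registrations
    if (osc_recaptcha_private_key() != '' && !$this->is_admin) {
        if (!$this->recaptcha()) {
            return 4;
        }
    }
    $password = Params::getParam('s_password', false, false);
    if ($password == '') {
        return 6;
    }
    // === : loose comparison treats numeric-looking strings ("1e3", "1000") as equal
    if ($password !== Params::getParam('s_password2', false, false)) {
        return 7;
    }
    $input = $this->prepareData(true);
    if (!osc_validate_email($input['s_email'])) {
        return 5;
    }
    // findByEmail() yields a falsy value when no row matches; empty() covers false and null alike
    $email_taken = $this->manager->findByEmail($input['s_email']);
    if (!empty($email_taken)) {
        return 3;
    }
    $this->manager->insert($input);
    $userId = $this->manager->dao->insertedId();
    // optional free-form description fields, stored one row per key
    $info = Params::getParam('s_info');
    if (is_array($info)) {
        foreach ($info as $key => $value) {
            $this->manager->updateDescription($userId, $key, $value);
        }
    }
    Log::newInstance()->insertLog('user', 'add', $userId, $input['s_email'], $this->is_admin ? 'admin' : 'user', $this->is_admin ? osc_logged_admin_id() : $userId);
    osc_run_hook('user_register_completed', $userId);
    $user = $this->manager->findByPrimaryKey($userId);
    if (osc_notify_new_user() && !$this->is_admin) {
        osc_run_hook('hook_email_admin_new_user', $user);
    }
    // Public sign-ups stay inactive until the validation mail is answered;
    // admin-created accounts are activated straight away.
    if (osc_user_validation_enabled() && !$this->is_admin) {
        osc_run_hook('hook_email_user_validation', $user, $input);
        return 1;
    }
    User::newInstance()->update(array('b_active' => '1'), array('pk_i_id' => $userId));
    return 2;
}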
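/**
 * Create a local Osclass account for a user authenticated through the
 * Facebook plugin and link the provider's id to it.
 *
 * @param array $user provider profile; 'name', 'email' and 'id' are read
 *
 * Returns nothing. When the e-mail is already registered the function
 * returns without creating or reporting anything.
 */
function register_user($user) {
    $manager = User::newInstance();
    $input = array();
    $input['s_name'] = $user['name'];
    $input['s_email'] = $user['email'];
    // The account is used through the provider, so the stored password is a
    // random throw-away value. NOTE(review): it is stored as an unsalted sha1,
    // unlike the osc_hash_password() used by the core login code -- worth
    // aligning where the supported Osclass versions provide that helper.
    $input['s_password'] = sha1(osc_genRandomPassword());
    $input['dt_reg_date'] = date('Y-m-d H:i:s');
    $input['s_secret'] = osc_genRandomPassword();
    $email_taken = $manager->findByEmail($input['s_email']);
    if (!empty($email_taken)) {
        // NOTE(review): the caller gets no feedback in this case -- confirm that is intended
        return;
    }
    $manager->insert($input);
    $userID = $manager->dao->insertedId();
    // kept from the previous revision; its return value was never used
    $manager->dao->replace();
    osc_run_hook('user_register_completed', $userID);
    $userDB = $manager->findByPrimaryKey($userID);
    if (osc_notify_new_user()) {
        osc_run_hook('hook_email_admin_new_user', $userDB);
    }
    // s_username is only set on Osclass >= 3.1.0 (310), defaulting it to the numeric id
    $fields = array('b_active' => '1');
    if (osc_version() >= 310) {
        $fields['s_username'] = $userID;
    }
    $manager->update($fields, array('pk_i_id' => $userID));
    insert_facebook_user_data($userID, $user['id']);
    osc_run_hook('hook_email_user_registration', $userDB);
    osc_run_hook('validate_user', $userDB);
    // the translated text carries no placeholder, so osc_page_title() is not shown by sprintf()
    osc_add_flash_ok_message(sprintf(__('Your account has been created successfully', 'facebook'), osc_page_title()));
}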
value="1" /> <?php _e('Users need to validate their account'); ?> </label> </div> </div> <div class="form-row"> <div class="form-label"> <?php _e('Admin notifications'); ?> </div> <div class="form-controls"> <label id="notify_new_user" class="form-label-checkbox"> <input type="checkbox" id="notify_new_user" name="notify_new_user" <?php echo osc_notify_new_user() ? 'checked="checked"' : ''; ?> value="1" /> <?php _e('When a new user is registered'); ?> </label> </div> </div> <div class="form-row"> <div class="form-label"> <?php _e('Username blacklist'); ?> </div> <div class="form-controls"> <label id="username_blacklist" class="form-label-input">
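/**
 * Register a user from the request, collecting every validation failure.
 *
 * Returns the accumulated error text (one _m() message per line) when any
 * check fails, otherwise 1 (created, awaiting e-mail validation) or
 * 2 (created and activated). The numeric codes handed to the
 * 'user_register_failed' hook are: 3 e-mail taken, 4 reCAPTCHA failed,
 * 5 invalid e-mail, 6 empty password, 7 password mismatch, 8 username
 * taken, 9 blacklisted username, 10 empty name.
 */
function add() {
    $error = array();
    $flash_error = '';
    // reCAPTCHA is enforced only for public (non-admin) registrations
    if ((osc_recaptcha_private_key() != '') && !$this->is_admin) {
        if (!osc_check_recaptcha()) {
            $flash_error .= _m('The reCAPTCHA was not entered correctly') . PHP_EOL;
            $error[] = 4;
        }
    }
    $password = Params::getParam('s_password', false, false);
    if ($password == '') {
        $flash_error .= _m('The password cannot be empty') . PHP_EOL;
        $error[] = 6;
    }
    // === : loose != would treat "1e3" and "1000" as the same password
    if ($password !== Params::getParam('s_password2', false, false)) {
        $flash_error .= _m("Passwords don't match") . PHP_EOL;
        $error[] = 7;
    }
    $input = $this->prepareData(true);
    if ($input['s_name'] == '') {
        $flash_error .= _m('The name cannot be empty') . PHP_EOL;
        $error[] = 10;
    }
    if (!osc_validate_email($input['s_email'])) {
        $flash_error .= _m('The email is not valid') . PHP_EOL;
        $error[] = 5;
    }
    $email_taken = $this->manager->findByEmail($input['s_email']);
    if (!empty($email_taken)) {
        osc_run_hook('register_email_taken', $input['s_email']);
        $flash_error .= _m('The specified e-mail is already in use') . PHP_EOL;
        $error[] = 3;
    }
    if ($input['s_username'] != '') {
        // Reported regardless of earlier failures, like every other check here
        // (it used to be skipped whenever another error was already recorded).
        $username_taken = $this->manager->findByUsername($input['s_username']);
        if (!empty($username_taken)) {
            $flash_error .= _m("Username is already taken") . PHP_EOL;
            $error[] = 8;
        }
        if (osc_is_username_blacklisted($input['s_username'])) {
            $flash_error .= _m("The specified username is not valid, it contains some invalid words") . PHP_EOL;
            $error[] = 9;
        }
    }
    if ($flash_error != '') {
        osc_run_hook('user_register_failed', $error);
        return $flash_error;
    }
    // hook pre add or edit
    osc_run_hook('pre_user_post');
    $this->manager->insert($input);
    $userId = $this->manager->dao->insertedId();
    // no username chosen: fall back to the numeric id
    if ($input['s_username'] == '') {
        $this->manager->update(array('s_username' => $userId), array('pk_i_id' => $userId));
    }
    // optional free-form description fields, stored one row per key
    $info = Params::getParam('s_info');
    if (is_array($info)) {
        foreach ($info as $key => $value) {
            $this->manager->updateDescription($userId, $key, $value);
        }
    }
    Log::newInstance()->insertLog('user', 'add', $userId, $input['s_email'], $this->is_admin ? 'admin' : 'user', $this->is_admin ? osc_logged_admin_id() : $userId);
    // update items with s_contact_email the same as new user email
    // NOTE(review): ownership of matching listings is transferred here, before
    // the e-mail address has been validated -- consider deferring to activation.
    $aItems = Item::newInstance()->findByEmail($input['s_email']);
    foreach ($aItems as $aux) {
        if (Item::newInstance()->update(array('fk_i_user_id' => $userId, 's_contact_name' => $input['s_name']), array('pk_i_id' => $aux['pk_i_id']))) {
            $this->manager->increaseNumItems($userId);
        }
    }
    // update alerts user id with the same email
    Alerts::newInstance()->update(array('fk_i_user_id' => $userId), array('s_email' => $input['s_email']));
    $user = $this->manager->findByPrimaryKey($userId);
    if (osc_notify_new_user() && !$this->is_admin) {
        osc_run_hook('hook_email_admin_new_user', $user);
    }
    // Public sign-ups stay inactive until the validation mail is answered;
    // admin-created accounts are activated straight away.
    if (osc_user_validation_enabled() && !$this->is_admin) {
        osc_run_hook('hook_email_user_validation', $user, $input);
        $success = 1;
    } else {
        $this->manager->update(array('b_active' => '1'), array('pk_i_id' => $userId));
        $success = 2;
    }
    osc_run_hook('user_register_completed', $userId);
    return $success;
}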
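/**
 * Register a user from the request, stopping at the first failed check.
 *
 * Returns an int: 1 created and awaiting e-mail validation, 2 created and
 * activated, or the first error code -- 3 e-mail taken, 4 reCAPTCHA failed,
 * 5 invalid e-mail, 6 empty password, 7 password mismatch, 8 username
 * taken, 9 blacklisted username (9 overrides 8 when both apply).
 */
function add() {
    $success = 0;
    $error = false;
    // reCAPTCHA is enforced only for public (non-admin) registrations
    if (!$error && osc_recaptcha_private_key() != '' && !$this->is_admin) {
        if (!osc_check_recaptcha()) {
            $error = 4;
        }
    }
    $password = Params::getParam('s_password', false, false);
    if (!$error && $password == '') {
        $error = 6;
    }
    // === : loose != would treat "1e3" and "1000" as the same password
    if (!$error && $password !== Params::getParam('s_password2', false, false)) {
        $error = 7;
    }
    $input = $this->prepareData(true);
    if (!$error && !osc_validate_email($input['s_email'])) {
        $error = 5;
    }
    // findByEmail()/findByUsername() yield a falsy value when nothing matches; empty() covers false and null
    $email_taken = $this->manager->findByEmail($input['s_email']);
    if (!$error && !empty($email_taken)) {
        osc_run_hook('register_email_taken', $input['s_email']);
        $error = 3;
    }
    if (!$error && $input['s_username'] != '') {
        $username_taken = $this->manager->findByUsername($input['s_username']);
        if (!empty($username_taken)) {
            $error = 8;
        }
        if (osc_is_username_blacklisted($input['s_username'])) {
            $error = 9;
        }
    }
    // hook pre add or edit (fires even when validation failed, as before)
    osc_run_hook('pre_user_post');
    if (is_numeric($error) && $error > 0) {
        osc_run_hook('user_register_failed', $error);
        return $error;
    }
    $this->manager->insert($input);
    $userId = $this->manager->dao->insertedId();
    // no username chosen: fall back to the numeric id
    if ($input['s_username'] == '') {
        $this->manager->update(array('s_username' => $userId), array('pk_i_id' => $userId));
    }
    // optional free-form description fields, stored one row per key
    $info = Params::getParam('s_info');
    if (is_array($info)) {
        foreach ($info as $key => $value) {
            $this->manager->updateDescription($userId, $key, $value);
        }
    }
    Log::newInstance()->insertLog('user', 'add', $userId, $input['s_email'], $this->is_admin ? 'admin' : 'user', $this->is_admin ? osc_logged_admin_id() : $userId);
    // update items with s_contact_email the same as new user email
    // NOTE(review): ownership of matching listings is transferred here, before
    // the e-mail address has been validated -- consider deferring to activation.
    $aItems = Item::newInstance()->findByEmail($input['s_email']);
    foreach ($aItems as $aux) {
        if (Item::newInstance()->update(array('fk_i_user_id' => $userId, 's_contact_name' => $input['s_name']), array('pk_i_id' => $aux['pk_i_id']))) {
            $this->manager->increaseNumItems($userId);
        }
    }
    // update alerts user id with the same email: the update is keyed on s_email, so one
    // call covers every matching row (it used to be repeated once per alert found)
    $aAlerts = Alerts::newInstance()->findByEmail($input['s_email']);
    if (!empty($aAlerts)) {
        Alerts::newInstance()->update(array('fk_i_user_id' => $userId), array('s_email' => $input['s_email']));
    }
    $user = $this->manager->findByPrimaryKey($userId);
    if (osc_notify_new_user() && !$this->is_admin) {
        osc_run_hook('hook_email_admin_new_user', $user);
    }
    // Public sign-ups stay inactive until the validation mail is answered;
    // admin-created accounts are activated straight away.
    if (osc_user_validation_enabled() && !$this->is_admin) {
        osc_run_hook('hook_email_user_validation', $user, $input);
        $success = 1;
    } else {
        $this->manager->update(array('b_active' => '1'), array('pk_i_id' => $userId));
        $success = 2;
    }
    osc_run_hook('user_register_completed', $userId);
    return $success;
}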